• Status: Solved
  • Priority: Medium
  • Security: Public

Need to resolve to host name instead of IP address

I have an application that is used by my employees outside of the office network.  The employees VPN into the network and exchange information with the server from any available internet connection.  As it sits the server will send the proper information back to the outside systems only if the application is set to send information using the current IP address obtained from the server via the VPN.  As this IP changes constantly I would like the server to be able to send the information back to the outside systems using their host name but I am unsure of how to set that up.  Any help would be greatly appreciated.    
0
Asked:
nciman
1 Solution
 
Mechanic_Kharkov Commented:
#1
E.g. OpenVPN has an option to set a static VPN IP for users by their names. Their common names are taken from their SSL certificates. You just create a subfolder ccd in the server config, where you create for each user its own file named with its common name. In these files there is a line with ifconfig-push ROUTE. So each user will get his own static IP wherever he connects from. Check if your VPN has such an option to assign an IP by user name.
Furthermore, if each client obtains its own personal VPN IP, you can assign some hostnames directly within the HOSTS file.

#2
If your VPN server is not located on the same machine where your application is located, you can group your remote VPN users to connect to your application via NAT or some port mapping that will reset their originating IPs, and all of them will connect to the app with this NAT (gate) IP. So your app will see the same IP for all of these users, which must resolve the problem.
0
 
nciman (Author) Commented:
I very much like the idea of assigning hostnames.  Could you point me in the right direction to make this happen?

Thanks
0
 
Mechanic_Kharkov Commented:
It depends on your VPN implementation. Which one do you have?
0
 
nciman (Author) Commented:
As far as I know it is a standard VPN tunnel.  Please bear with me.
0
 
Mechanic_Kharkov Commented:
Ok, some questions to clarify.
It's standard for what kind of OS?
How many clients usually use this VPN? (ten or less, hundreds, etc)
Can they connect simultaneously?
Do they use their own personal SSL certificates, or share the same one?
0
 
nciman (Author) Commented:
VPN to Windows Server 2003
No more than 10 clients at a time
All VPN users use the same pre-shared key
All VPN users are connecting using the standard VPN client within Windows Vista
Simultaneous connections are successful
0
 
Mechanic_Kharkov Commented:
I guess that all your users have their own unique names when accessing your system?
Then it is easy to assign each one his own IP based on his username.

Your VPN must be configured to give IPs to clients not with DHCP, but "From a specified range of addresses".

Then go to the user's properties, Dial-in tab, and set the appropriate IP for that user.

The last step is to write these IP & desired hostname pairs to your hosts file.

(!) Attention!
Before making any changes to your system, back up your system state, and talk with the admin. All these steps are theoretical, based on its manual. But I have never set up a VPN on a 2003 server before.

0
 
nciman (Author) Commented:
I have changed the User's properties under the Dial Up tab
I have written to the HOSTS file
When I connect via the VPN from the particular user's system the IP assigned is not the one I am looking for.  I assume that the VPN is not assigning the proper IP and I am not sure of how to make that change.
0
 
Mechanic_Kharkov Commented:
I don't know how to set up an already set up VPN. I used this article, and it says that the VPN can be configured to assign IPs from a pre-set range vs DHCP. Maybe your VPN is set up for automatic IP assignment, and the user can't get the static IP that you set for him. You need to find the way to configure the method of address assignment. Maybe if you run the VPN Setup wizard again, it will allow you to change this option. (?)

This picture, for example: http://techrepublic.com.com/i/tr/downloads/home/scott_lowe_images/figf_rras_ip_address_choice.jpg
0
 
nciman (Author) Commented:
My VPN is configured on the router not on the Windows Server 2003 machine itself, does that make any difference?
0
 
Mechanic_Kharkov Commented:
Of course it makes a great difference!
It means that you need to configure IP assignment on the router, not on the server. And I suspect that this router supports Windows usernames at all.. :-(
The best way is to use the router's documentation to clarify the question.
0
 
nciman (Author) Commented:
Maybe it's better to set up the VPN on the server itself instead of using the router.  I am having difficulty finding any resources to assist in the setup of Windows usernames on the router VPN.
0
 
Mechanic_Kharkov Commented:
If it's really helpful then why not?
And if you're able to set up IP assignment from some preferred range on the router, then you're still able to simply name this range in your hosts file. Then VPN clients will have one of the named (in hosts) IPs from the range. The only issue is that the same user, each time it connects, can obtain a new IP from the range and a new hostname.
Another question is how the application resolves user domain names when clients connect to it.
I assume that any TCP or UDP server uses the channel that is established by the client side, and can communicate with the client without knowing anything else about the client side. An established connection is usually enough for the server to distinguish clients. If the server wants, it can get the remote IP from the connection itself. What does it need its hostname for, and how does it resolve this name?
0
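The pattern described in the comment above (the server answers over the connection the client opened and reads the remote address from that connection), as an added example that is not part of the original thread or the asker's application. The one-line request format, the function names and the loopback address are assumptions made for illustration.

```python
import socket
import threading


def handle(conn: socket.socket) -> None:
    """Answer on the same connection the client opened; no call-back by IP or name."""
    with conn, conn.makefile("rb") as rfile:
        # Remote address as seen by the server, taken from the connection itself.
        peer_ip = conn.getpeername()[0]
        request = rfile.readline().strip()
        # Constructed "processing": return the request tagged with the observed peer IP.
        conn.sendall(b"result-for:" + request + b" peer=" + peer_ip.encode() + b"\n")


def serve(listener: socket.socket) -> None:
    """Accept clients until the listening socket is closed."""
    while True:
        try:
            conn, _addr = listener.accept()
        except OSError:
            return  # listener closed
        threading.Thread(target=handle, args=(conn,), daemon=True).start()


def start_server(host: str = "127.0.0.1", port: int = 0) -> socket.socket:
    """Start the listener (port 0 lets the OS pick a free port) and return it."""
    listener = socket.create_server((host, port))
    threading.Thread(target=serve, args=(listener,), daemon=True).start()
    return listener


def client_exchange(server_addr, payload: bytes) -> bytes:
    """Client side: connect, send one request line, read the reply on the same socket."""
    with socket.create_connection(server_addr, timeout=5) as s:
        s.sendall(payload + b"\n")
        with s.makefile("rb") as rfile:
            return rfile.readline().strip()


if __name__ == "__main__":
    srv = start_server()
    print(client_exchange(srv.getsockname(), b"update-42"))
```

With this shape the client never has to tell the server its VPN address, so a changed address between sessions does not affect where the reply goes.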
 
Mechanic_Kharkov Commented:
Is your server communicating with its clients like this?
1. client connects to server and leaves its request, and its IP (hostname) to get the answer at this address;
2. client disconnects;
3. some time later server connects back to client using the stored address (IP or hostname).

Does the main trouble occur when the client reconnects to the VPN and changes its IP between steps 1 & 3, so the server cannot reach it with the wrong address?
If this scheme is correct, then the only way is a strong binding of the user with its Windows username to an under-VPN-internal hostname (IP), regardless of their real IP (the one obtained from their ISP can also be dynamic).

#3
If users enter your Windows network each time they connect to the VPN, then they must be reachable inside the network by their NetBIOS names. Maybe it's simpler to allow NetBIOS through the VPN?
See also the related question:
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_20128651.html
0
 
nciman (Author) Commented:
Current communication is client connects to server via VPN, VPN assigns IP address to client.  Client updates server with information required for business.  Server in turn processes the information received from client and is supposed to return alternate information back to the client.  The only way that the server can send required information back to client is if client software application that sends initial information to server is configured with client IP address obtained from VPN.  I would like the server to be able to send the required information back to the client using the client's hostname instead of said IP.
0
 
Mechanic_Kharkov Commented:
NetBIOS naming seems to be the best solution. Any client, whenever it connects to the server, will have its unique NetBIOS name regardless of IP, and the server could access the client (if it is connected, of course).
0
